Thanks for the topic @tamas!
Like @tamas said, we discussed this a bit. The plex server can run in a couple of ways: either as a daemon or via a session service that is started via the ~/.autostart. ~/.autostart is being discussed here: How to autostart a snap of a desktop application? so we don’t have to talk about that here. Note that plex could take the opinion that it should be a session service, and therefore be started via https://github.com/snapcore/snapd/pull/2592, but that isn’t something they do now. With both of the latter options, the ‘home’ interface works fine because the server is running as the user.
A current use case for the Plex deb is to run the service as root, and slurp up files from all the user’s home directories for playback. Plex needs only read-only to these files. Since the service runs as root, the ‘home’ interface necessarily uses ‘owner’ match and ‘owner’ matching is not fine-grained (it either matches or it doesn’t), we need to think of how we want to expose that.
In the past we’ve considered added interface attributes to the home interface in order expand it, and as a strawman I’d like to propose we use a an attribute for Plex’s use case. Using an interface attribute allows us to use snap declarations to regulate its use. I suggest:
plugs:
home:
allow-other-read: true
‘allow-other-read’ is inspired by DAC permissions for ‘user’, ‘group’, and ‘other’. Rather than the quick rule @tamas referenced, we instead add a series of rules that allows non-owner reads for non-hidden files except ~/snap.
Thoughts?